Measuring DNSSEC
Geoff Huston & George Michaelson, APNIC Labs
September 2012
What are the questions?
1. What proportion of DNS resolvers are DNSSEC-capable?
2. What proportion of users are using DNSSEC-validating DNS resolvers?
3. Where are these users?
Experimental Technique
Use code embedded in an online ad to perform two simple DNSSEC tests.
[Diagram: each test is a GET of a 1x1 pixel image. The labelled parts of the fetched name are: DNSSEC-signed domain, DNSSEC-signed subdomain, unique experiment identifier string, experiment type. One GET uses a valid DNSSEC signature chain, the other an invalid DNSSEC signature chain.]
The Experiment
Embed the unique id generation and the ad control in Flash code.
Get an online advertisement network to display the ad.
The underlying code and the retrieval of the image are executed as part of the ad display function. No click is required! (or wanted!)
Experiment Run 10 – 17 September 2012
Resolvers:
How many unique IP addresses queried for experiment domains in dotnxdomain.net? 57,268
How many of these DNS resolvers also queried for the DNSKEY RR of dotnxdomain.net? 2,316
Q1: What proportion of DNS resolvers are DNSSEC-capable? 4.0% of visible DNS resolvers appear to be performing DNSSEC validation
“Small scale” Resolvers
How many “small” resolvers were seen: 40,446
How many perform DNSSEC validation: 1,136
What’s the DNSSEC-active proportion of these resolvers: 2.8%
Infrastructure Resolvers:
Filter out all resolvers that are associated with just 1 or 2 end clients.
How many resolvers are left: 16,822
How many perform DNSSEC validation: 1,180
What’s the DNSSEC-active proportion of these resolvers: 7.0%
The Biggest Resolvers

DNSSEC?  Clients  AS       AS Name                                         Country
yes      47973    AS15169  GOOGLE - Google Inc.                            USA
no       45990    AS4766   KIXS-AS-KR Korea Telecom                        Korea
no       34213    AS3462   HINET Data Communication Business Group         Taiwan
no       28452    AS3786   LGDACOM LG DACOM Corporation                    Korea
no       25949    AS9318   HANARO-AS Hanaro Telecom Inc.                   Korea
no       21020    AS6799   OTENET-GR (Hellenic Telecommunications)         Greece
no       16379    AS5384   Emirates Telecommunications Corporation         UAE
no       16201    AS45595  PKTELECOM-AS-PK Pakistan Telecom                Pakistan
no       16179    AS4134   CHINANET-BACKBONE No.31                         China
no       15321    AS25019  SAUDINETSTC-AS SaudiNet                         Saudi Arabia
no       11881    AS16880  Global IDC and Backbone of Trend Micro          Japan
no       10665    AS4788   TMNET-AS-AP TM Net                              Malaysia
no       9595     AS8452   TE-AS TE-AS                                     Egypt
no       9536     AS3356   LEVEL3 Level 3 Communications                   USA
no       9232     AS4837   CHINA169-BACKBONE CNCGROUP China169             China
no       9210     AS9829   BSNL-NIB National Internet Backbone             India
Clients:
How many unique IP addresses performed web fetches for objects named in the experiment? 770,934
How many clients used DNS resolvers that also logged queries for the DNSKEY RR of dotnxdomain.net? 69,560
Q2: What proportion of users are using DNSSEC-validating resolvers?
9.0% of end client systems are using DNS resolvers that appear to be performing DNSSEC validation
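The counting behind Q1 and Q2, as an added example that is not the authors' code: experiment lookups are joined to web fetches on the unique identifier, and a resolver counts as validating if it also asked for the zone's DNSKEY RR. The log layouts, the u<id>.<type> name scheme and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

ZONE = "dotnxdomain.net"  # experiment zone named on the slides

# Constructed sample logs; both layouts and the u<id>.<type> naming are assumptions.
# Authoritative DNS query log: resolver_ip qname qtype
DNS_LOG = """\
192.0.2.1 u001.valid.dotnxdomain.net A
192.0.2.1 dotnxdomain.net DNSKEY
192.0.2.1 u002.valid.dotnxdomain.net A
192.0.2.1 u003.invalid.dotnxdomain.net A
192.0.2.2 u004.valid.dotnxdomain.net A
198.51.100.7 u005.valid.dotnxdomain.net A
198.51.100.7 dotnxdomain.net DNSKEY
"""
# Web server log: client_ip requested_host
WEB_LOG = """\
203.0.113.10 u001.valid.dotnxdomain.net
203.0.113.11 u002.valid.dotnxdomain.net
203.0.113.12 u003.invalid.dotnxdomain.net
203.0.113.13 u004.valid.dotnxdomain.net
203.0.113.14 u005.valid.dotnxdomain.net
"""

def pct(part, whole):
    return round(100 * len(part) / len(whole), 1) if whole else 0.0

def measure(dns_log, web_log, min_clients=3):
    asked_dnskey, resolver_of = set(), {}  # DNSKEY askers; experiment id -> resolver
    for line in dns_log.splitlines():
        ip, qname, qtype = line.split()
        qname = qname.rstrip(".").lower()
        if qname == ZONE and qtype == "DNSKEY":
            asked_dnskey.add(ip)
        elif qname.endswith("." + ZONE):
            # Simplification: the first resolver seen for an id is taken as the client's.
            resolver_of.setdefault(qname.split(".")[0], ip)
    clients_of = defaultdict(set)  # resolver -> client IPs seen behind it
    for line in web_log.splitlines():
        client, host = line.split()
        resolver = resolver_of.get(host.lower().split(".")[0])
        if resolver:
            clients_of[resolver].add(client)
    resolvers = set(resolver_of.values())
    validating = resolvers & asked_dnskey
    # "Infrastructure" resolvers: drop those serving only 1 or 2 end clients.
    infra = {r for r in resolvers if len(clients_of[r]) >= min_clients}
    clients = set().union(*clients_of.values())
    dnssec_clients = set().union(*(clients_of[r] for r in validating))
    return {"q1_resolvers": pct(validating, resolvers),
            "infra_resolvers": pct(validating & infra, infra),
            "q2_clients": pct(dnssec_clients, clients)}
```

A DNSKEY query only shows that a resolver fetched the key, which is why the slides say resolvers "appear to be" validating; comparing fetch outcomes for the invalid-chain names would be the stronger signal.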
Q3: Where can we find DNSSEC-validating users?
[Figure: Client use of DNSSEC by country (%), September 2012]
The top of the country list

% who use DNSSEC  CC  Country                         Sample client counts (DNSSEC, Total)
73.33%            LY  Libya
62.74%            SE  Sweden
56.69%            CZ  Czech Republic
53.95%            SI  Slovenia
53.79%            PS  Occupied Palestinian Territory
49.93%            AZ  Azerbaijan
46.41%            DJ  Djibouti
46.21%            DZ  Algeria
43.38%            ZM  Zambia
43.12%            LU  Luxembourg
42.01%            BN  Brunei Darussalam
41.22%            IE  Ireland
40.74%            AO  Angola
40.13%            NI  Nicaragua
37.60%            FI  Finland
34.82%            TR  Turkey
34.31%            GU  Guam
32.33%            KG  Kyrgyzstan
29.75%            VN  Vietnam
29.11%            CL  Chile
29.00%            DM  Dominica
28.97%            BY  Belarus
28.50%            UG  Uganda
28.12%            ZA  South Africa
26.10%            ID  Indonesia
25.62%            JM  Jamaica

Ranking only those countries with more than 100 sample points in this experiment run (136 countries)
And the bottom of the list

% who use DNSSEC  CC  Country                                         Sample client counts (DNSSEC, Total)
2.63%             LK  Sri Lanka
2.52%             CR  Costa Rica
2.49%             UY  Uruguay
2.45%             GE  Georgia
2.42%             BW  Botswana
2.36%             JO  Jordan
2.33%             SA  Saudi Arabia
2.30%             HR  Croatia
2.30%             FR  France
2.18%             AT  Austria
2.15%             ES  Spain
2.11%             AN  Netherlands Antilles
2.08%             OM  Oman
2.03%             CY  Cyprus
1.89%             KR  Republic of Korea
1.86%             MU  Mauritius
1.72%             GR  Greece
1.70%             KW  Kuwait
1.56%             MO  Macao Special Administrative Region of China
1.56%             SV  El Salvador
1.56%             TT  Trinidad and Tobago
1.46%             DO  Dominican Republic
0.79%             AE  United Arab Emirates
0.69%             MX  Mexico
0.51%             QA  Qatar
0.47%             MN  Mongolia

Ranking only those countries with more than 100 sample points in this experiment run (136 countries)
DNSSEC-Validating Clients by AS – the top AS’s

% who use DNSSEC  CC  ASN (AS name, country)                                                    Sample client counts (DNSSEC, Total)
%                 RS  VIPMOBILE-AS Vip mobile d.o.o., Serbia
99.18%            UA  INTERTELECOM Intertelecom Ltd, Ukraine
98.65%            IT  , Italy
98.37%            SE  HI3G Hi3G Access AB, Sweden
97.53%            IL  HOTNET-IL Hot-Net internet services Ltd., Israel
96.96%            NZ  VODAFONE-NZ-NGN-AS Vodafone NZ Ltd., New Zealand
96.88%            PL  ERA Polska Telefonia Cyfrowa S.A., Poland
96.54%            RO  NG-AS SC NextGen Communications SRL, Romania
96.15%            CL  VTR BANDA ANCHA S.A., Chile
95.74%            SI  T-2-AS AS set propagated by T-2, d.o.o., Slovenia
95.00%            SE  BAHNHOF Bahnhof Internet AB, Sweden
95.00%            DE  KABELBW-ASN Kabel BW GmbH, Germany
94.37%            FR  OUTREMER-AS Outremer Telecom, France
93.84%            ZA  SAIX-NET, South Africa
93.54%            SI  SIOL-NET Telekom Slovenije d.d., Slovenia
93.01%            ID  TACHYON-AS-ID PT Remala Abadi, Indonesia
92.98%            DE  MNET-AS M-net AS, Germany
91.93%            AZ  AZTELEKOM Azerbaijan Telecomunication ISP, Azerbaijan
91.61%            CZ  TO2-CZECH-REPUBLIC Telefonica Czech Republic, a.s., Czech Republic
91.60%            EU  TSF-IP-CORE TeliaSonera Finland IP Network, European Union
91.30%            JP  SANNET SANYO Information Technology Solutions Co., Ltd., Japan
91.24%            IE  EIRCOM Eircom Limited, Ireland
90.32%            KZ  DTVKZ-AS Digital TV, LLP, Kazakhstan
90.08%            US  COMCAST Comcast Cable Communications, Inc., United States of America
90.00%            SE  BREDBAND2 Bredband2 AB, Sweden
89.33%            SE  TELIANET-SWEDEN TeliaSonera AB, Sweden

Ranking only those ASs with more than 50 sample points in this experiment run (1014 AS’s)
DNSSEC use in the RIPE Region...

Country Code  DNSSEC use  Country        Clients who used DNSSEC Resolvers  Client count
SE            62.74%      Sweden
CZ            56.69%      Czech Rep.
SI            53.95%      Slovenia
PS            53.79%      Palestine
GL            53.33%      Greenland      8                                  15
AZ            49.93%      Azerbaijan
LU            43.12%      Luxembourg
IE            41.22%      Ireland
FI            37.60%      Finland
TR            34.82%      Turkey
TM            33.33%      Turkmenistan   1                                  3
KG            32.33%      Kyrgyzstan
BY            28.97%      Belarus
IR            25.00%      Iran           1                                  4
IQ            23.43%      Iraq
MT            22.59%      Malta
LT            22.23%      Lithuania
BA            21.78%      Bosnia
TJ            18.75%      Tajikistan     3                                  16
UA            17.78%      Ukraine
AL            15.95%      Albania
SY            15.70%      Syria
PL            15.55%      Poland
LB            14.67%      Lebanon
NO            13.57%      Norway
HU            12.68%      Hungary
IT            12.45%      Italy
AM            11.14%      Armenia
BH            10.34%      Bahrain
KZ            10.18%      Kazakhstan
SK            9.09%       Slovakia
RO            8.68%       Romania
DK            8.55%       Denmark
EE            7.75%       Estonia
RU            7.59%       Russia
BG            7.47%       Bulgaria
AD            6.90%       Andorra        2                                  29
MC            6.67%       Monaco         3                                  45
MK            6.17%       Macedonia
IL            6.07%       Israel
DE            6.00%       Germany
IS            5.97%       Iceland
CH            5.95%       Switzerland
LI            5.88%       Liechtenstein  1                                  17
LV            5.52%       Latvia
NL            5.36%       Netherlands
MD            4.77%       Moldova
YE            4.50%       Yemen
GI            3.70%       Gibraltar      1                                  27
UZ            3.68%       Uzbekistan
BE            3.11%       Belgium
PT            2.71%       Portugal
GB            2.66%       UK
GE            2.45%       Georgia
JO            2.36%       Jordan
SA            2.33%       Saudi Arabia
HR            2.30%       Croatia
FR            2.30%       France
AT            2.18%       Austria
ES            2.15%       Spain
OM            2.08%       Oman
CY            2.03%       Cyprus
GR            1.72%       Greece
KW            1.70%       Kuwait
AE            0.79%       UAE
QA            0.51%       Qatar
SM            0.00%       San Marino     0                                  6
FO            0.00%       Faroe Islands  0                                  18
Thank you! More details at: blabs.apnic.net